Re: Finding and Disabling Inactive AD User Accounts
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Tue, 21 Nov 2006 16:28:25 -0500
Yeah this handled much nicer and tremendously safer from oldcmp... lastLogonTimeStamp and all.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Mallika wrote:
Hi,.
You can user DSQUERY command from command line to get all inactive user accounts. Format is
dsquery user OU=Employees,dc=contoso,dc=com -inactive 4
This command will query all users who didn't login to domain for the last 4 weeks.
dsmod user cn=username,OU=Employees,dc=contoso,dc=com -disabled yes.
This command will disable given user ID.
You can pipe this to commands and achive your task.
dsquery user OU=Employees,dc=contoso,dc=com -inactive 4 | dsmod user -disabled yes.
Let me know you need any further help.
Thanks,
Mallika.
"Gibraltar" wrote:
Hello jtux,
There is an attribute called the lastlogontimestamp for each and every user. You can check for that attribute for all theusers through a script and get the users who have not logged in for last 30 days.
For more information on that, check out microsoft website with the keyword lastlogontimestamp.
Cheers,
Gib
"jtux" wrote:
howdy list,
Anybody has experience or script to " find and disable Inactive AD User Accounts for at least 30 or some period of days?
help and suggestion will be appreciated.
jtux,
- Prev by Date: Re: favorites
- Next by Date: Re: Account Operators users changing others Account Operators user
- Previous by thread: Re: Finding and Disabling Inactive AD User Accounts
- Next by thread: Active Directory Computer Accounts
- Index(es):
Relevant Pages
|
